Hancock Health Ransomware: Attacking Through the Supply Chain

Hancock Health, an Indiana hospital, was recently targeted with a ransomware infection. The hospital has just paid the ransom to the hackers, who gained access using the credentials of a third-party vendor.

The hospital said the hack was immediately noticed by employees, and affected email, electronic health record (EHR) software, and internal operating systems. More than 1,400 files were targeted, with hackers demanding payment within seven days to prevent permanent file encryption. The hospital said the files were backed up and could have been recovered, but restoring them would have taken significant time and been costly.

After payment of four Bitcoins, worth approximately $55,000, the files were released and hospital operations were restored.

Paying a ransom is risky business. Law enforcement and security experts generally recommend not paying ransom for several reasons: paying a ransom provides further funding to such operations, there’s no guarantee that a ransom payment will result in returned files, and an organization that pays a ransom can be perceived as a ‘good’ target for further extortion.

Abuse of insider credentials can happen anywhere in the supply chain. In this instance, the valid credentials of a vendor were exploited. To help prevent this type of threat, organizations should:

Routinely re-assess vendor access levels, especially in those cases where vendors have privileged access. Go beyond the obvious need to revoke access as personnel or vendors offboard, and periodically review whether the job requirements still require access.

Use activity and network monitoring software to help identify illegitimate use of valid logon credentials. With such software, administrators can be alerted to successful logins at unusual times (for the user or for the system) or successful logins from unusual locations (for the user or for the system).
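The login checks described above, sketched as an added example that is not from the original article or from any monitoring product: it builds a per-account baseline of login hours and source networks from past successful logons, then flags new logons that fall outside it. The account names, timestamps, documentation-range IP addresses, the /24 grouping and the one-hour tolerance are all constructed assumptions, and it covers the per-user baseline only, not the per-system one.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data: (timestamp, account, source IP) of successful logons.
HISTORY = [
    ("2024-03-04T09:05:00", "vendor-svc", "203.0.113.10"),
    ("2024-03-05T10:40:00", "vendor-svc", "203.0.113.22"),
    ("2024-03-06T14:15:00", "vendor-svc", "203.0.113.10"),
    ("2024-03-07T16:30:00", "vendor-svc", "203.0.113.57"),
]
NEW_EVENTS = [
    ("2024-03-11T11:00:00", "vendor-svc", "203.0.113.10"),  # matches baseline
    ("2024-03-14T02:30:00", "vendor-svc", "198.51.100.7"),  # odd hour, new network
    ("2024-03-15T13:00:00", "new-vendor", "192.0.2.5"),     # never seen before
]

def build_baseline(events, prefix=24):
    """Per account, record the login hours and source networks already seen."""
    base = defaultdict(lambda: {"hours": set(), "nets": set()})
    for ts, account, ip in events:
        base[account]["hours"].add(datetime.fromisoformat(ts).hour)
        base[account]["nets"].add(ip_network(f"{ip}/{prefix}", strict=False))
    return base

def review(event, baseline, hour_slack=1):
    """Return the reasons a successful logon deviates from its account baseline."""
    ts, account, ip = event
    if account not in baseline:
        return ["no baseline for account"]
    profile, reasons = baseline[account], []
    hour = datetime.fromisoformat(ts).hour
    # Circular distance so that 23:00 and 00:00 count as one hour apart.
    if not any(min(abs(hour - h), 24 - abs(hour - h)) <= hour_slack
               for h in profile["hours"]):
        reasons.append("unusual hour")
    if not any(ip_address(ip) in net for net in profile["nets"]):
        reasons.append("unusual source network")
    return reasons

def alerts(history, new_events):
    """Pair each deviating logon with its reasons; normal logons are dropped."""
    baseline = build_baseline(history)
    return [(e, r) for e in new_events if (r := review(e, baseline))]

if __name__ == "__main__":
    for event, reasons in alerts(HISTORY, NEW_EVENTS):
        print(event, "->", ", ".join(reasons))
```

Every event here is a successful authentication with valid credentials, so only the deviation from the account's own history separates the flagged logons from the normal one.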

Marianna Noll is a Maryland-based writer with an interest in the impact that technology has on organizations and users. She writes about software, user adoption and engagement with software, and IT security.